changeset 245:bb96aef874a9
Work on the voting backend code.
author | Matti Hamalainen <ccr@tnsp.org> |
---|---|
date | Fri, 22 Nov 2013 15:58:17 +0200 |
parents | 70c424d025d6 |
children | cb34e3fafb33 |
files | usrajax.php |
diffstat | 1 files changed, 28 insertions(+), 9 deletions(-) [+] |
--- a/usrajax.php Fri Nov 22 15:45:20 2013 +0200
+++ b/usrajax.php Fri Nov 22 15:58:17 2013 +0200
@@ -68,6 +68,9 @@
 stReloadSettings();
+$userKeyLen = stGetSetting("userKeyLength");
+$voteMin = stGetSetting("voteMin");
+$voteMax = stGetSetting("voteMax");
 //
 // Handle the request
@@ -78,21 +81,37 @@
 //
 // Set vote, if voting is enabled
 //
- if (stChkSetting("allowVoting") &&
- stChkRequestItem("votekey") &&
- stChkRequestItem("entry_id") &&
- stChkRequestItem("vote"))
+ if (!stChkSetting("allowVoting"))
+ stError("Voting is not enabled.")
+ else
+ if (stChkRequestItem("entry_id", $entry_id,
+ array(CHK_TYPE, VT_INT, "Invalid data.")) &&
+ stChkRequestItem("vote", $vote,
+ array(CHK_TYPE, VT_INT, "Invalid data."),
+ array(CHK_RANGE, VT_INT, array($voteMin, $voteMax), "Invalid vote value."))
 {
 // Check if voting is enabled on the compo and voter is valid
- $entry_id = stGetRequestItem("entry_id");
-
- $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetRequestItem("votekey"));
- if (($votekey = stFetchSQLColumn($sql)) !== false)
+ $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetSessionItem("key"));
+ if (($votekey = stFetchSQL($sql)) !== false)
 {
 }
+ else
+ stError("Invalid data.");
 }
+ break;
+
+ case "submit":
+ if (!stChkSetting("allowVoting"))
+ stError("Voting is not enabled.")
 else
- stSetStatus(902, "No data.");
+ {
+ $sql = stPrepareSQL("SELECT * FROM votekeys WHERE key=%s", stGetSessionItem("key"));
+ if (($votekey = stFetchSQL($sql)) !== false)
+ {
+ }
+ else
+ stError("Invalid data.");
+ }
 break;
 default:
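Review bot: `$userKeyLen` is read from the `userKeyLength` setting in the first hunk but is not used anywhere in the hunks shown, while the session key goes to the `votekeys` query without any length check. Either validate the key against it before the lookup or drop the assignment until it is needed. A short comment such as `// Limits used to validate vote requests below` above the three assignments would also say why they are read here.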
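Review bot: Both new `stError("Voting is not enabled.")` calls (in the vote branch and in the new `case "submit":`) lack the terminating `;` before `else`, and the `if (stChkRequestItem("entry_id", ...` condition never closes its outer parenthesis, so the file will not parse as written. The calls should read `stError("Voting is not enabled.");` and the condition should end with `"Invalid vote value.")))`. The success branches after the `votekeys` lookup are still empty `{ }`, so a request with a valid session key is neither recorded nor answered; a `// TODO: store the vote` comment there would make the unfinished state explicit. Reading the key from `stGetSessionItem("key")` rather than from the request is the safer source, but the hunk does not show what it returns when the session holds no key, so an empty key should be rejected before the query. The enclosing `switch` starts and ends outside the hunk.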